search for: intsead

...causes rpcclient to go past the end of the ctr502 array and SEGV. See here: (gdb) p *info_ctr.ctr.ctr502 $9 = { count = 34, array = 0x67a140 } (gdb) p totalentries $10 = 35 Commit history shows that when the specific enum shares got unionized this loop changed to use "totalentries" intsead of "ctr.num_entries," which without looking into it might have been equivalent to "count." It would seem to me that "totalentries" really has to be bounds checked here else you can fall into this trap. I know this is ugly, but couldn't something be done like offs...